Real-World Cases

Computer Crime Case E: Brokerage Firm Claim

This case involved a large financial broker hiring a forensic consulting agency to examine one of their customer’s home computers. The customer claimed that they could not access the financial broker’s secure website for an extended period, nor process transactions. The customer also claimed damages of approximately $4.5 million due to his inability to access the site.

The customer’s home computer had been in continuous use by the family during the period when the customer claimed he could not access his investment portfolio. Computer forensic examiners were consulted to determine whether or not the computer had been used to access the secure website. The examiner had received several key words to use in conducting keyword searches, including key account numbers.

The keywords hit. The account numbers produced a match in unallocated areas of the drive that when extracted, and re-built by the examiner into the form of an HTML document (web page format), were determined to be the bottom of the secure website. The examiner learned that the web page had been deleted from internet cache. The page plainly showed the customer account number, and just as significant, a date during the period of time the customer claimed he could not access the site. The financial broker’s webmaster verified that this could only have come from the secure website.

The forensics examiner testified about his findings at the arbitration hearing. The opposing side produced an expert who claimed that data from unallocated space meant nothing and should not be considered. The forensic examiner’s testimony was accepted as accurate and the three member panel ruled in favor of the financial broker; awarding no damages. Further, cost and fees (normally split equally between parties) were reduced to 40% for the financial broker based on the strength of the evidence presented.